From 9850137f551fcbaa89cf2cefb758375bece8ba7a Mon Sep 17 00:00:00 2001
From: Artem Eroshenko <eroshenkoam@qameta.io>
Date: Wed, 2 Dec 2020 23:54:57 +0300
Subject: [PATCH] fix security issues (via #163)

---
 pom.xml                                       | 23 +++++++++++++------
 .../allure/bamboo/info/AbstractAddInfo.java   |  7 +++---
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/pom.xml b/pom.xml
index bf6f6bf..95b65ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -122,15 +122,19 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.8.6</version>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
         </dependency>
         <dependency>
-            <groupId>net.sf.json-lib</groupId>
-            <artifactId>json-lib</artifactId>
-            <version>2.4</version>
-            <classifier>jdk15</classifier>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.12.0</version>
         </dependency>
     </dependencies>
     <build>
@@ -164,6 +168,11 @@
                     <tagNameFormat>@{project.version}</tagNameFormat>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>6.0.3</version>
+            </plugin>
         </plugins>
     </build>
     <repositories>
diff --git a/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java b/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java
index 1c49d00..5f130b3 100644
--- a/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java
+++ b/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java
@@ -1,6 +1,6 @@
 package io.qameta.allure.bamboo.info;
 
-import net.sf.json.JSONObject;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,9 +27,8 @@ public Path invoke(File file) {
         }
         Path testRun = outputDirectory.resolve(getFileName());
         try (Writer writer = Files.newBufferedWriter(testRun, StandardCharsets.UTF_8)) {
-            JSONObject.fromObject(getData())
-                    .write(writer)
-                    .flush();
+            final ObjectMapper mapper = new ObjectMapper();
+            mapper.writeValue(writer, getData());
         } catch (IOException e) {
             LOGGER.error("Failed to add executor info into the file " + file.getAbsolutePath(), e);
         }